Jump to content
Login new information ×
Login new information

Logitech keyboards and mice vulnerable to extensive cyber attacks

aliyx

By aliyx
in Security & Privacy News

Recommended Posts

aliyx

aliyx

Posted
Posted

Logitech Firmware Updating Tool Logitech don´t install this FW Fix with new Driver !!!

 

https://support.logi.com/hc/en-au/articles/360035037273

 

https://support.logi.com/hc/en-gb/articles/360025283773

 

According to Logitech the attacker would have to be within 10 meters or about 30 ft to exploit the vulnerability.

 

Several Logitech keyboards, mice and wireless presenters suffer from security vulnerabilities, Not only can attackers eavesdrop on keystrokes, they can even infect the host system. c't has established which products are affected and what you should do now.

A large range of Logitech wireless input devices is vulnerable to wireless attacks and can pose a security risk. That is the conclusion of security expert Marcus Mengs, with whom c't has been in touch for quite some time. Mengs investigation of the wireless connections of several Logitech devices has uncovered numerous weaknesses. They affect keyboards and mice as well as remote controls known as wireless presenters.

The vulnerabilities allow an attacker to eavesdrop on keystrokes from wireless keyboards. Everything an affected user types, from e-mails to passwords, is readily available to the adversary. But it gets worse: An attacker can send any command to the victim's computer if a vulnerable Logitech-device is installed. And that makes it easy to infect the computer with malicious code without the rightful owner taking notice.

Mengs demonstrates how to infect a system with a backdoor (remote shell) through which he can control the system remotely by radio. In a way, it's an elegant hack, because he simply piggybacks on the wireless Logitech connection to infect the system and to communicate with the backdoor. That means even computers who are not online are ripe for the hack.

The Logitech Unifying receivers are recognizable by their orange star logo.

Any Logitech device that uses the so-called Unifying radio technology is affected. Logitech has been shipping the vulnerable Unifying USB receivers with wireless keyboards and mice since 2009. Unifying is used across Logitech's product range, from inexpensive entry level devices to current high-end models. The vulnerable USB receivers are recognized by a small orange star logo.

In addition, wireless gaming products of the Lightspeed series and the Wireless Presenters R500 and Spotlight are also affected. They use related radio technology. The Presenter R400, R700 and R800, however, are not affected by the vulnerabilities described in this article. Unfortunately, they suffer from a previously discovered issue known as MouseJack.

 

https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html

Link to comment
Share on other sites
  • Replies 5
  • Views 780
  • Created
  • Last Reply
frankl1n

frankl1n

Posted
Posted

OK but how close would an attacker need to be to piggyback on the wireless signal? I am thinking that they would need to be right outside your house or in another room in the same building. :dunno:

Link to comment
Share on other sites
frankl1n

frankl1n

Posted
Posted

here is the correct link to the Logitech Unifying Receiver Update Tool, the one in OP is just for certain keyboards and does not address this vulnerability.

https://support.logi.com/hc/en-au/articles/360035037273

 

Also according to Logitech the attacker would have to be within 10 meters or about 30 ft to exploit the vulnerability.

https://support.logi.com/hc/en-au/community/posts/360033207154-Logitech-Unifying-Receiver-Update

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...